Black Arrow Cyber Threat Briefing 31 May 2024
Welcome to this week’s Black Arrow Cyber Threat Briefing – a weekly digest, collated and curated by our cyber experts to provide senior and middle management with an easy-to-digest round-up of the most notable threats, vulnerabilities, and cyber-related news from the last week.
Top Cyber Stories of the Last Week
Santander Staff and '30 million' Customers Hacked via Cloud Provider Breach
Hackers known as ShinyHunters claim to have stolen confidential data from Santander, affecting all staff globally and millions of customers in Chile, Spain, and Uruguay. The breach includes 30 million bank account details, 6 million account numbers and balances, and 28 million credit card numbers. Santander confirmed the theft but assured no transactional data or online banking credentials were compromised. The attack is linked to an ongoing hack of cloud storage company Snowflake, accessed through a former employee's demo account. Santander is proactively contacting affected individuals and continues to ensure secure transactions. ShinyHunters have this week also claimed responsibility for the massive Ticketmaster breach below.
Source: [BBC]
ABN Amro Disclose Data Breach Following an Attack on a Third-Party Provider
A recent disclosure by Dutch bank ABN Amro revealed a data breach due to a ransomware attack on their third-party service provider, AddComm. This attack potentially exposed data of some ABN Amro clients, prompting the bank to notify affected clients and the Dutch Data Protection Authority. AddComm has since contained the incident, restored affected systems, and is investigating the breach with external security experts. While there are no signs of misuse of client data, ABN Amro has ceased using AddComm's services and warned clients to remain vigilant against phishing attempts.
Source: [SecurityAffairs]
Ticketmaster Confirms Massive Breach of 560m Users After Stolen Data Offered for Sale Online
Live Nation has confirmed a data breach at Ticketmaster, attributed to unauthorised activity within a third-party cloud database, believed to be Snowflake. The breach, identified on May 20, 2024, exposed data of over 560 million users, including personal details and ticket information. A threat actor known as ShinyHunters, the same threat actor claiming responsibility for the Santander attack above, has been attempting to sell this data on the dark web for $500,000. Despite the severity, Live Nation stated the breach is not expected to materially impact business operations or financial condition. The company is working with law enforcement and notifying affected users and regulatory authorities.
Source: [BleepingComputer]
Material Cyber Attacks a Concern Among Many CISOs, with Human Error Still Perceived as the Achilles’ Heel of Cyber Security
A recent survey from Proofpoint reveals that 70% of CISOs feel at risk of a significant cyber attack within the next 12 months, up from 68% last year and 48% in 2022. Despite this, only around half feel prepared for such an attack. Human error remains a key vulnerability, with 74% identifying it as the most significant risk. Notably, 87% of CISOs are deploying AI-powered solutions to mitigate these risks. The top concerns include ransomware (41%), malware (38%), and email fraud (36%), with a notable increase in ransomware threats.
Sources: [HelpNetSecurity] [SCMagazine]
Old But Gold: Why Shoulder Surfing is an Underacknowledged Cyber Threat
A recent incident in the UK has highlighted the persistent threat of shoulder surfing, a social engineering tactic where sensitive information is obtained by observing someone's device screen. On 22 May 2024, The Times reported that information from a private memo by British Cabinet Minister Johnny Mercer was leaked after a fellow train passenger photographed Mercer's laptop screen. The memo contained accusations against Downing Street officials and advisors, illustrating the ease with which malicious actors can access confidential information through simple observation. This event underscores the need for heightened awareness and protective measures to combat shoulder surfing, including being mindful of your surroundings and using privacy screen filters.
Source: [ITPro]
Hackers Phish Finance Orgs Using Trojanised Minesweeper Clone
A recent cyber security alert highlights that hackers are leveraging code from a clone of Microsoft's Minesweeper game to conceal malicious scripts in attacks targeting financial institutions in Europe and the US. The threat actor, identified as 'UAC-0188,' uses this legitimate code to hide Python scripts that install remote management software on compromised systems. At least five breaches have been identified across financial and insurance sectors. The attack initiates with an email from "support@patient-docs-mail.com," prompting recipients to download a malicious file from Dropbox, which includes both innocuous and malicious code to evade security detection.
Source: [BleepingComputer]
Deepfake Scams Have Robbed Companies of Millions. Experts Warn It Could Get Worse
A recent surge in deepfake scams has resulted in millions of dollars in losses for companies globally, with experts predicting an increase in such frauds as criminals leverage generative AI. In one major incident, a Hong Kong finance worker was deceived into transferring over $25 million to fraudsters using deepfake technology to impersonate senior executives on a video call. UK engineering firm Arup confirmed involvement in this case, though details remain under investigation. The accessibility of AI tools like OpenAI’s ChatGPT has lowered the entry barrier for cyber criminals, enhancing both the volume and sophistication of these types of scams.
Source: [CNBC]
Ransomware in the Finance Sector: Emerging threats
A recent analysis highlights ransomware as a critical threat, particularly to the financial services sector due to its integral role in the global economy and sensitive data handling. Cyber criminals have enhanced their tactics, including pre-emptive data exfiltration, to coerce victims into paying ransoms. Phishing emails remain the primary delivery method, exploiting user unawareness to execute these attacks. These emails allow attackers to reach numerous targets cost-effectively, increasing the likelihood of successful breaches. This evolution in ransomware strategies underscores the need for heightened cyber security measures across all sectors.
Source: [Verdict]
Europol Shuts Down 100+ Servers Linked to IcedID, TrickBot, and Other Malware
A coordinated law enforcement effort codenamed Operation Endgame led by Europol has dismantled the infrastructure of several malware loader operations, including IcedID, SystemBC, PikaBot, SmokeLoader, Bumblebee, and TrickBot. The operation, conducted between May 27 and May 29, resulted in the takedown of over 100 servers worldwide and the arrest of four individuals in Armenia and Ukraine. Europol's actions targeted high-value criminal infrastructure, resulting in the seizure of more than 2,000 domains and the disruption of services used to facilitate ransomware and other malicious attacks. One suspect allegedly profited €69 million ($74.6 million) from renting out these criminal services.
Source: [TheHackerNews]
Hacktivist Attacks on Europe Have Doubled Since 2023, Top EU Cyber Security Official says: ‘This is Part of the Russian War of Aggression’
Disruptive digital attacks, largely attributed to Russia-backed groups, have recently doubled within the European Union, targeting critical infrastructure and election-related services. Juhan Lepassaar, head of the European Union Agency for Cybersecurity (ENISA), reported a significant increase in hacktivist attacks since Russia's invasion of Ukraine, with methods often tested in Ukraine before extending to the EU. Upcoming elections in the EU and other countries have heightened security concerns. ENISA has been working to bolster the resilience of election agencies and noted a rise in ransomware targeting public institutions. The agency also warned of the growing threat of AI-enabled disinformation campaigns.
Source: [Fortune]
North Korean 'Moonstone Sleet' Threat Group Melds Espionage, Financial Goals - Microsoft
A recent report by Microsoft has uncovered the North Korean threat group "Moonstone Sleet," which engages in both espionage and financial cyber attacks. Initially overlapping with the DPRK's Diamond Sleet, Moonstone Sleet has since developed its own unique tactics, using techniques like fake job offers, custom ransomware, and trojanised software delivered via social media. The group has targeted aerospace, education, and software organisations by masquerading as legitimate companies such as "StarGlow Ventures" and "C.C. Waterfall." Their methods, including using trusted platforms like LinkedIn and Telegram, complicate defensive measures and exploit the inherent trust in these platforms.
Source: [DarkReading]
Europe on High Alert after Suspected Moscow-linked Arson and Sabotage
A recent spate of arson and sabotage attacks across Europe, potentially linked to Russian operatives, has heightened security concerns. Incidents include a fire at an Ikea in Lithuania, an arson attack in east London, and antisemitic graffiti in Paris. In Germany, there are suspicions of foreign intelligence-driven attacks, in addition to a wave of cyber-attacks in 2023 by a hacker group linked to Russian intelligence. Security services suspect these acts aim to destabilise the West amidst its support for Ukraine. Polish authorities have arrested nine individuals for alleged sabotage under Russian orders, while Estonia and Germany report similar threats. This issue, discussed at a Brussels summit, highlights the need for increased vigilance against hybrid attacks orchestrated by foreign entities.
Source: [TheGuardian]
Making the Case for 'Reasonable' Cyber Security
A recent white paper from the Center for Internet Security (CIS) discusses the concept of "reasonable cyber security" and its alignment with privacy laws. This standard, highlighted at the RSA Conference, is context-dependent and varies by industry. For instance, while the Payment Card Industry Data Security Standard (PCI DSS) prescribes specific controls, the GDPR emphasises transparency and good faith efforts. The importance of quantifying cyber risk was underscored by the US Federal Reserve, which emphasised improved data on cyber threats for better risk assessment. Implementing security frameworks like the NIST Cybersecurity Framework can help meet these evolving regulatory and insurance requirements.
Source: [DarkReading]
Hundreds of Thousands of Internet Routers Destroyed in Attack on Telco
A significant cyber attack last October targeted a US telecoms company, disabling over 600,000 internet routers across multiple states, according to Lumen Technologies' Black Lotus Labs. The attack, undisclosed until recently, involved malicious firmware updates that rendered the routers inoperable. Researchers did not identify the hackers or the affected company. The malware, still circulating online, disrupted internet access from October 25 to 27. This attack is considered one of the most severe against the US telecommunications sector and illustrates the vulnerability of telecoms-provided routers to these types of attacks.
Source: [YahooFinance]
Governance, Risk and Compliance
New KnowBe4 phishing report reveals top choices for phishing scams – PCR (pcr-online.biz)
Material cyber attacks a concern among many CISOs | SC Media (scmagazine.com)
The Link Between Cyber Security and Reputation Management for Executives - Security Boulevard
The SEC’s SolarWinds Case: What CISOs Should Do Now (darkreading.com)
Old but gold: Why shoulder surfing is an underacknowledged cyber threat | ITPro
70% of CISOs feel vulnerable to a material cyber attack in 2024 | Security Magazine
The evolution of security metrics for NIST CSF 2.0 - Help Net Security
Cyber security teams gear up for tougher challenges in 2024 - Help Net Security
4-Step Approach to Mapping and Securing Your Organisation's Most Critical Assets (thehackernews.com)
Cyber security Skills Shortage Is Ranked as the Biggest Risk (globenewswire.com)
How Corporate Boards Are Setting CEO’s Up For Cyber Security Failure (forbes.com)
CISO priorities must shift in a heightened threat landscape - Raconteur
Cyber security is the cause of all MSPs’ headaches • The Register
Bridging Cyber Security Expectations And Reality To Empower CISOs (forbes.com)
Making the Case for 'Reasonable' Cyber Security (darkreading.com)
Why cyber criminals and hackers are targeting small businesses - Marketplace
Widespread data silos slow down security response times - Help Net Security
Absolute Security Survey Reveals UK CISOs Ignore NCSC Guidance | Business Wire
Reducing CIO-CISO tension requires recognizing the signs | CIO
Threats
Ransomware, Extortion and Destructive Attacks
‘World’s largest botnet’ knocked offline after raking in billions | The Independent
Ransomware Networks Brought Down In Major Global Police Operation | HuffPost Latest News
Massive ransomware network taken down by ‘Endgame’ international police operation | Fortune Europe
Ransomware in the finance sector: Emerging threats - Verdict
New ShrinkLocker ransomware uses BitLocker to encrypt your files (bleepingcomputer.com)
Ransomware operators shift tactics as law enforcement disruptions increase - Help Net Security
6 Facts About How INTERPOL Fights Cyber crime (darkreading.com)
Potent youth cyber crime ring made up of 1,000 people, FBI official says | CyberScoop
LockBit Black Ransomware Bot Sprays “Millions of Messages” | MSSP Alert
Microsoft links North Korean hackers to new FakePenny ransomware (bleepingcomputer.com)
How to improve ransomware attack outcomes | SC Media (scmagazine.com)
Why healthcare data is often the target of ransomware attacks (techtarget.com)
Essential Strategies for Recovering from Ransomware Attacks - Security Boulevard
Ransomware Victims
Phishing & Email Based Attacks
New KnowBe4 phishing report reveals top choices for phishing scams – PCR (pcr-online.biz)
Phishing-as-a-service (PhaaS): What is it and How it work? (todayq.com)
Hackers phish finance orgs using trojanized Minesweeper clone (bleepingcomputer.com)
New Tricks in the Phishing Playbook: Cloudflare Workers, HTML Smuggling, GenAI (thehackernews.com)
LockBit Black Ransomware Bot Sprays “Millions of Messages” | MSSP Alert
Google: Stop Trying to Trick Employees With Fake Phishing Emails | PCMag
Free Piano phish targets American university students, staff (bleepingcomputer.com)
BEC
Other Social Engineering
Old but gold: Why shoulder surfing is an underacknowledged cyber threat | ITPro
No 10 neglecting popular MPs, laments minister in leaked memo (thetimes.co.uk)
Artificial Intelligence
Kroll cyber threat landscape report: AI assists attackers | CSO Online
'GODMODE GPT': Hacker releases jailbroken version of ChatGPT (newsbytesapp.com)
Critical Flaw in AI Platform Exposes Proprietary Data (darkreading.com)
NIST Releases Risk ‘Profile’ for Generative AI | Polsinelli - JDSupra
OODA Loop - The Cyber Arms Race Gives Way to AI Weaponization
Four Security Questions to Ask Your Enterprise Generative AI Provider (darkreading.com)
OpenAI sets up safety committee as it starts training new model | Reuters
Malware
‘World’s largest botnet’ knocked offline after raking in billions | The Independent
Over 100 malware servers shut down in 'largest ever' operation against botnets (therecord.media)
Ransomware Networks Brought Down In Major Global Police Operation | HuffPost Latest News
Europol Shuts Down 100+ Servers Linked to IcedID, TrickBot, and Other Malware (thehackernews.com)
Massive ransomware network taken down by ‘Endgame’ international police operation | Fortune Europe
Why cloud attacks no longer need malware [Q&A] (betanews.com)
Is Your Computer Part of ‘The Largest Botnet Ever?’ – Krebs on Security
Trio of Chinese botnet operators sanctioned by United States • The Register
macOS version of elusive 'LightSpy' spyware tool discovered (bleepingcomputer.com)
Cyber criminals pose as "helpful" Stack Overflow users to push malware (bleepingcomputer.com)
Law enforcement operation takes aim at an often-overlooked cyber crime linchpin | Ars Technica
CERT-UA warns of malware campaign conducted by threat actor UAC-0006 (securityaffairs.com)
Pirated Microsoft Office delivers malware cocktail on systems (bleepingcomputer.com)
Mobile
Hacking phones is too easy. Time to make it harder (economist.com)
Privacy vs. Mobile Security: Why You Don’t Have to Choose | MSSP Alert
90+ Malicious Apps Totaling 5.5M Downloads Lurk on Google Play (darkreading.com)
Phones of journalists and activists in Europe targeted with Pegasus | CyberScoop
NSA Warns iPhone & Android Users To Turn It Off And On Again (forbes.com)
Denial of Service/DoS/DDOS
New DoS Attack ‘DNSBomb’ Exploiting DNS Queries & Responses (cybersecuritynews.com)
Internet Archive is continuing to face DDoS attacks after several days - Neowin
Internet of Things – IoT
These are the most insecure devices you might still have in your home (xda-developers.com)
Hundreds of thousands of US internet routers destroyed in newly discovered 2023 hack (yahoo.com)
Data Breaches/Leaks
ABN Amro discloses data breach following an attack on a third-party provider (securityaffairs.com)
Data breach exposes details of 25,000 current and former BBC employees | BBC | The Guardian
Dutch Social housing tenants' data may have been stolen after IT supplier hack | NL Times
Almost all citizens of city of Eindhoven have their personal data exposed (bitdefender.com)
Critical Flaw in AI Platform Exposes Proprietary Data (darkreading.com)
Cencora data breach exposes US patient info from 11 drug companies (bleepingcomputer.com)
400% rise in MoD data breaches fuels fear of cyber threat from Russia and China (inews.co.uk)
MITRE December 2023 attack: threat actors created rogue VMs to evade detection (securityaffairs.com)
Nearly 3 million affected by Sav-Rx data breach (therecord.media)
First American December data breach impacts 44,000 people (bleepingcomputer.com)
Hackers Claim Ticketmaster Data Breach: 560 Million Users' Info Up for Sale (hackread.com)
MPs email passwords exposed on the dark web, study suggests (cityam.com)
Everbridge warns of corporate systems breach exposing business data (bleepingcomputer.com)
FBCS Data Breach Impact Grows to 3.2 Million Individuals - SecurityWeek
Cooler Master hit by data breach exposing customer information (bleepingcomputer.com)
Spyware maker pcTattletale says it's 'out of business' and shuts down after data breach | TechCrunch
Organised Crime & Criminal Actors
Digital Arrests: The New Frontier of Cyber crime | MSSP Alert
Cyber crime study finds global human-initiated digital attack rate up 19% | Chain Store Age
Phishing-as-a-service (PhaaS): What is it and How it work? (todayq.com)
Hackers Sell Fake Pegasus Spyware on Clearnet and Dark Web (hackread.com)
Hacker defaces spyware app’s site, dumps database and source code (bleepingcomputer.com)
BreachForums returns just weeks after FBI-led takedown • The Register
6 Facts About How INTERPOL Fights Cyber Crime (darkreading.com)
Russian indicted for selling access to US corporate networks (bleepingcomputer.com)
Potent youth cyber crime ring made up of 1,000 people, FBI official says | CyberScoop
Cyber criminals pose as "helpful" Stack Overflow users to push malware (bleepingcomputer.com)
US arrests man allegedly behind enormous botnet that enabled cyber attacks and fraud - The Verge
Law enforcement operation takes aim at an often-overlooked cyber crime linchpin | Ars Technica
Cryptocurrency/Cryptomining/Cryptojacking/NFTs/Blockchain
Indian man stole $37 million in crypto using fake Coinbase Pro site (bleepingcomputer.com)
Former FTX executive Salame sentenced to over 7 years in prison - BBC News
Insider Risk and Insider Threats
Human error still perceived as the Achilles' heel of cyber security - Help Net Security
New Research Warns About Weak Offboarding Management and Insider Risks (thehackernews.com)
Insurance
Supply Chain and Third Parties
Cloud/SaaS
34% of organisations lack cloud cyber security skills - Help Net Security
Impact of Remote Work and Cloud Migrations on Security Perimeters (securityaffairs.com)
Why cloud attacks no longer need malware [Q&A] (betanews.com)
Identity and Access Management
Encryption
Passwords, Credential Stuffing & Brute Force Attacks
Why strong passwords are still the first line of defence against cyber threats (securitybrief.co.nz)
Password auditing: Purge weak passwords from your organisation | ITPro
Enhancing cyber security with 'moving trees' (techxplore.com)
Malvertising
Training, Education and Awareness
Using Scary but Fun Stories to Aid Cyber Security Training - Security Boulevard
Beyond the Code: Modern Cyber Security Training for 2024 (informationweek.com)
Regulations, Fines and Legislation
New cyber attack reporting requirement for Swiss financial institutions (cms-lawnow.com)
The SEC’s SolarWinds Case: What CISOs Should Do Now (darkreading.com)
GDPR Turns Six: Reflecting on a Global Privacy Benchmark - IT Security Guru
The SEC's New Take on Cyber Security Risk Management (darkreading.com)
Models, Frameworks and Standards
The evolution of security metrics for NIST CSF 2.0 - Help Net Security
How NIST Cybersecurity Framework 2.0 Tackles Risk Management (securityintelligence.com)
Data Protection
Careers, Working in Cyber and Information Security
34% of organisations lack cloud cyber security skills - Help Net Security
Cyber security Skills Shortage Is Ranked as the Biggest Risk (globenewswire.com)
New cyber security school to pay students $4K monthly salary
Law Enforcement Action and Take Downs
‘World’s largest botnet’ knocked offline after raking in billions | The Independent
Over 100 malware servers shut down in 'largest ever' operation against botnets (therecord.media)
Ransomware Networks Brought Down In Major Global Police Operation | HuffPost Latest News
Europol Shuts Down 100+ Servers Linked to IcedID, TrickBot, and Other Malware (thehackernews.com)
Massive ransomware network taken down by ‘Endgame’ international police operation | Fortune Europe
BreachForums returns just weeks after FBI-led takedown • The Register
Indian man stole $37 million in crypto using fake Coinbase Pro site (bleepingcomputer.com)
Ransomware operators shift tactics as law enforcement disruptions increase - Help Net Security
6 Facts About How INTERPOL Fights Cyber crime (darkreading.com)
Russian indicted for selling access to US corporate networks (bleepingcomputer.com)
US arrests man allegedly behind enormous botnet that enabled cyber attacks and fraud - The Verge
Law enforcement operation takes aim at an often-overlooked cyber crime linchpin | Ars Technica
Nation State Actors, Advanced Persistent Threats (APTs), Cyber Warfare, Cyber Espionage and Geopolitical Threats/Activity
Cyber Warfare and Cyber Espionage
OODA Loop - The Cyber Arms Race Gives Way to AI Weaponization
Could the Next War Begin in Cyberspace? (informationweek.com)
Global stability issues alter cyber threat landscape, ESET reports | CSO Online
Cyber Psychological Warfare: Hacking Operational Technology (inforisktoday.com)
Negotiations over new NATO cyber centre still ongoing weeks from planned launch (therecord.media)
Nation State Actors
China
400% rise in MoD data breaches fuels fear of cyber threat from Russia and China (inews.co.uk)
Ongoing Chinese cyberespionage operation targets government orgs | SC Media (scmagazine.com)
Trio of Chinese botnet operators sanctioned by United States • The Register
Russia
400% rise in MoD data breaches fuels fear of cyber threat from Russia and China (inews.co.uk)
Putin hijacked Austria’s spy service. Now he’s going after its government – POLITICO
Map shows Russia's campaign of terror, sabotage and hacking in Europe | World News | Metro News
Critics of Putin and his allies targeted with spyware inside the EU | Hacking | The Guardian
FlyingYeti phishing crew grounded after failed Ukraine ops • The Register
Europe on high alert after suspected Moscow-linked arson and sabotage | Russia | The Guardian
German officer gave up secrets to Russia 'to prevent nuclear war'
Germany's cyber ambassador on the response to Russia: 'All of this takes time' (therecord.media)
FlyingYeti Exploits WinRAR Vulnerability to Deliver COOKBOX Malware in Ukraine (thehackernews.com)
CERT-UA warns of malware campaign conducted by threat actor UAC-0006 (securityaffairs.com)
Russia Has Figured Out How to Mess up Ukraine's Starlink Internet: NYT (businessinsider.com)
Surveillance Risk: Apple's Wi-Fi-Based Positioning System (govinfosecurity.com)
Major Russian delivery company down for three days due to cyber attack (therecord.media)
Russian indicted for selling access to US corporate networks (bleepingcomputer.com)
Most EU election interference domestic in origin, not Russian: Meta (therecord.media)
North Korea
Microsoft Uncovers 'Moonstone Sleet' — New North Korean Hacker Group (thehackernews.com)
Global stability issues alter cyber threat landscape, ESET reports | CSO Online
Microsoft: 'Moonstone Sleet' APT Melds Espionage, Financial Goals (darkreading.com)
New North Korean group tied to ransomware, gaming campaigns • The Register
Microsoft links North Korean hackers to new FakePenny ransomware (bleepingcomputer.com)
Other Nation State Actors, Hacktivism, Extremism, Terrorism and Other Geopolitical Threat Intelligence
Vulnerability Management
The Importance of Patching Vulnerabilities in Cyber Security - Security Boulevard
NIST expects to clear backlog in vulnerabilities database by end of fiscal year (therecord.media)
The most dangerous CVEs of 2023 and 2024: fix these today (kaspersky.co.uk)
NIST says NVD will be back on track by September 2024 - Help Net Security
59% of public sector apps carry long-standing security flaws - Help Net Security
NIST Getting Outside Help for National Vulnerability Database - SecurityWeek
An Argument for Coordinated Disclosure of New Exploits (darkreading.com)
Vulnerabilities
Cisco Releases May 2024 Cisco ASA, FMC, and FTD Software Security Publication | CISA
Critical Flaw in AI Platform Exposes Proprietary Data (darkreading.com)
High-severity flaw affects Cisco Firepower Management Center (securityaffairs.com)
Hackers target Check Point VPNs to breach enterprise networks (bleepingcomputer.com)
Exploit released for maximum severity Fortinet RCE bug, patch now (bleepingcomputer.com)
Check Point VPN zero-day exploited in attacks since April 30 (bleepingcomputer.com)
VMware Workstation and Fusion: Critical Security Flaws Fixed - Security Boulevard
Google fixes eighth actively exploited Chrome zero-day this year (bleepingcomputer.com)
An XSS flaw in GitLab allows attackers to take over accounts (securityaffairs.com)
WordPress Plugin Exploited to Steal Credit Card Data from E-commerce Sites (thehackernews.com)
The most dangerous CVEs of 2023 and 2024: fix these today (kaspersky.co.uk)
Critical WordPress Plugin Flaws Exploited to Inject Malicious Scripts and Backdoors - SecurityWeek
FlyingYeti Exploits WinRAR Vulnerability to Deliver COOKBOX Malware in Ukraine (thehackernews.com)
Security flaw in this TP-Link Archer router receives 10 out of 10 severity rating | TechSpot
Tools and Controls
Why strong passwords are still the first line of defence against cyber threats (securitybrief.co.nz)
Microsoft battens security hatches on Windows admin accounts | PCWorld
34% of organisations lack cloud cyber security skills - Help Net Security
New DoS Attack ‘DNSBomb’ Exploiting DNS Queries & Responses (cybersecuritynews.com)
Farewell VBScript: Microsoft confirms plans to begin phasing out the programming language | ITPro
The evolution of security metrics for NIST CSF 2.0 - Help Net Security
4-Step Approach to Mapping and Securing Your Organisation's Most Critical Assets (thehackernews.com)
How to combat alert fatigue in cyber security - Help Net Security
Network Segmentation: Top Challenges And How To Solve Them (forbes.com)
New Research Warns About Weak Offboarding Management and Insider Risks (thehackernews.com)
Identity-related incidents becoming severe, costing organisations a fortune - Help Net Security
Password auditing: Purge weak passwords from your organisation | ITPro
Beyond the blind spots: why CISOs must embrace deep observability - Raconteur
How NIST Cybersecurity Framework 2.0 Tackles Risk Management (securityintelligence.com)
AI’s role in FS businesses’ cyber defence and risk assessment (finextra.com)
Report: The Dark Side of Phishing Protection (thehackernews.com)
Essential Strategies for Recovering from Ransomware Attacks - Security Boulevard
Reports Published in the Last Week
Other News
Why cyber criminals and hackers are targeting small businesses - Marketplace
Shell says 'potential cyber security incident' under investigation | CTV News
Defending Professional Sports Organisations Against Cyber Threats (forbes.com)
How Manufacturers Can Build Their Cyber Defence (forbes.com)
Manufacturing Is #1 in Cyber Attacks for Third Straight Year. What Can Be Done? | IndustryWeek
How Can Small Businesses Alleviate Cyber Risks? (forbes.com)
Cyber security is the cause of all MSPs’ headaches • The Register
Most EU election interference domestic in origin, not Russian: Meta (therecord.media)
Sector Specific
Industry specific threat intelligence reports are available.
Contact us to receive tailored reports specific to the industry/sector and geographies you operate in.
· Automotive
· Construction
· Critical National Infrastructure (CNI)
· Defence & Space
· Education & Academia
· Energy & Utilities
· Estate Agencies
· Financial Services
· FinTech
· Food & Agriculture
· Gaming & Gambling
· Government & Public Sector (including Law Enforcement)
· Health/Medical/Pharma
· Hotels & Hospitality
· Insurance
· Legal
· Manufacturing
· Maritime
· Oil, Gas & Mining
· OT, ICS, IIoT, SCADA & Cyber-Physical Systems
· Retail & eCommerce
· Small and Medium Sized Businesses (SMBs)
· Startups
· Telecoms
· Third Sector & Charities
· Transport & Aviation
· Web3
As usual, contact us to help assess where your risks lie and to ensure you are doing all you can do to keep you and your business secure.
Links to articles are for interest and awareness. Linking to or reposting external content does not endorse any service or product; likewise, we are not responsible for the security of external links.